A scribbled signature may have been enough to verify your identity 20 years ago, but today’s online world requires more advanced — and authenticated or encrypted — methods of proving who, or what, you are online or within a digital environment.

Enter digital certificates — an authentication method that has an increasingly widespread role in today’s online world. Found in e-mails, mobile devices, machines, websites, advanced travel documents and more, digital certificates are the behind-the-scenes tool that helps keep identities and information safe.

What are digital certificates?

Developed during the eCommerce boom of the 1990s, digital certificates are electronic files that are used to identify people, devices and resources over networks such as the Internet.

Digital certificates also enable secure, confidential communication between two parties using encryption. When you travel to another country, your passport provides a way to establish your identity and grant you entry. Digital certificates provide similar identification in the electronic world.

Certificates are issued by a certification authority (CA). Much like the role of the passport office, the responsibility of the CA is to validate the certificate holder’s identity and to “sign” the certificate so that it is trusted by relying parties and cannot be tampered with or altered.

Once a CA has signed a certificate, the holders can present their certificate to people, websites and network resources to prove their identity and establish encrypted, confidential communication. A standard certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as:

The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address

The holder’s public key, which can be used to encrypt sensitive information for the certificate holder or to verify his or her digital signature

The name of the certification authority that issued the certificate

A serial number

The validity period (or lifetime) of the certificate (i.e., start and end date)

The length and algorithm of any keys included.

In creating the certificate, the identity information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a tamper-detection seal on packaging — any tampering with the contents is easily detected.

Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys.

In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.

The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (e.g., encryption) executed with the public key can only be undone or decrypted with the corresponding private key, and vice versa. A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key.
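The sketch below is an added example, not code from the original article. It shows a CA signing the certificate fields listed above and a relying party detecting tampering and expiry. The key pair is a constructed toy (textbook RSA without padding, far too small for real use), and all names and field values are assumptions made for illustration.

```python
import hashlib
import json
from datetime import date

# Toy CA key pair (constructed): textbook RSA over two Mersenne primes.
# Unpadded and far too small for real use; it only illustrates the mechanism.
P, Q = 2**127 - 1, 2**89 - 1
CA_N, CA_E = P * Q, 65537                   # CA public key, freely distributed
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))     # CA private key, kept secret

def digest(fields):
    # Canonical encoding so the signer and the verifier hash identical bytes.
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def ca_sign(fields):
    """CA side: bind the fields together with a private-key signature."""
    return {"fields": fields, "signature": pow(digest(fields), CA_D, CA_N)}

def verify(cert, today):
    """Relying party: check the CA signature first, then the validity period."""
    if pow(cert["signature"], CA_E, CA_N) != digest(cert["fields"]):
        return "bad signature"
    f = cert["fields"]
    if not f["not_before"] <= today.isoformat() <= f["not_after"]:
        return "outside validity period"
    return "ok"

def sample_cert():
    # Constructed sample holding the fields listed above.
    return ca_sign({
        "subject": "www.example.test",
        "subject_public_key": "constructed-placeholder-key",
        "issuer": "Example Toy CA",
        "serial": 1001,
        "not_before": "2024-01-01",
        "not_after": "2025-01-01",
        "key_algorithm": "RSA",
        "key_bits": 2048,
    })

if __name__ == "__main__":
    cert = sample_cert()
    print(verify(cert, date(2024, 6, 1)))
    forged = {"fields": dict(cert["fields"], subject="other.example.test"),
              "signature": cert["signature"]}
    print(verify(forged, date(2024, 6, 1)))
    print(verify(cert, date(2026, 1, 1)))
```

Changing any signed field, even a single character of the subject name, changes the digest, so the CA's original signature no longer matches and the certificate is rejected.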

Core to a digital world

At one point, the use of digital certificates was limited to secure sockets layer (SSL) implementations and public key infrastructure (PKI) environments. While those remain two cornerstones of the technology, the value of certificates has since been recognized more widely, and their use has expanded to help secure people, machines, devices and environments alike.
